It was discovered that the evalInSandbox function's JavaScript sandboxcontext could be circumvented. An attacker could exploit this to perform across-site scripting (XSS) attack or steal a copy of a local file if theuser has installed an add-on vulnerable to this attack. With cross-sitescripting vulnerabilities, if a user were tricked into viewing a speciallycrafted page, a remote attacker could exploit this to modify the contents,or steal confidential data, within the same domain. (CVE-2012-4201)

Jonathan Stephens discovered that combining vectors involving the settingof Cascading Style Sheets (CSS) properties in conjunction with SVG textcould cause Firefox to crash. If a user were tricked into opening amalicious web page, an attacker could cause a denial of service viaapplication crash or execute arbitrary code with the privliges of the userinvoking the program. (CVE-2012-5836)

It was discovered that if a javascript: URL is selected from the list ofFirefox "new tab" page, the script will inherit the privileges of theprivileged "new tab" page. This allows for the execution of locallyinstalled programs if a user can be convinced to save a bookmark of amalicious javascript: URL. (CVE-2012-4203)

Scott Bell discovered a memory corruption issue in the JavaScript engine.If a user were tricked into opening a malicious website, an attacker couldexploit this to execute arbitrary JavaScript code within the context ofanother website or arbitrary code as the user invoking the program.(CVE-2012-4204)

Gabor Krizsanits discovered that XMLHttpRequest objects created withinsandboxes have the system principal instead of the sandbox principal. Thiscan lead to cross-site request forgery (CSRF) or information theft via anadd-on running untrusted code in a sandbox. (CVE-2012-4205)

Bobby Holley discovered that cross-origin wrappers were allowing writeactions on objects when only read actions should have been properlyallowed. This can lead to cross-site scripting (XSS) attacks. Withcross-site scripting vulnerabilities, if a user were tricked into viewing aspecially crafted page, a remote attacker could exploit this to modify thecontents, or steal confidential data, within the same domain.(CVE-2012-5841)

Masato Kinugawa discovered that when HZ-GB-2312 charset encoding is usedfor text, the "~" character will destroy another character near the chunkdelimiter. This can lead to a cross-site scripting (XSS) attack in pagesencoded in HZ-GB-2312. With cross-site scripting vulnerabilities, if a userwere tricked into viewing a specially crafted page, a remote attacker couldexploit this to modify the contents, or steal confidential data, withinthe same domain. (CVE-2012-4207)

Masato Kinugawa discovered that scripts entered into the Developer Toolbarcould run in a chrome privileged context. An attacker could use thisvulnerability to conduct cross-site scripting (XSS) attacks or executearbitrary code as the user invoking Firefox. With cross-site scriptingvulnerabilities, if a user were tricked into viewing a specially craftedpage, a remote attacker could exploit this to modify the contents, orsteal confidential data, within the same domain. (CVE-2012-5837)

Mariusz Mlynski discovered that the location property can be accessed bybinary plugins through top.location with a frame whose name attribute'svalue is set to "top". This can allow for possible cross-site scripting(XSS) attacks through plugins. With cross-site scripting vulnerabilities,if a user were tricked into viewing a specially crafted page, a remoteattacker could exploit this to modify the contents, or steal confidentialdata, within the same domain. (CVE-2012-4209)

Mariusz Mlynski discovered that when a maliciously crafted stylesheet isinspected in the Style Inspector, HTML and CSS can run in a chromeprivileged context without being properly sanitized first. If a user weretricked into opening a malicious web page, an attacker could executearbitrary code with the privliges of the user invoking the program.(CVE-2012-4210)

Several memory corruption flaws were discovered in Firefox. If a user weretricked into opening a malicious page, an attacker could exploit these toexecute arbitrary code as the user invoking the program. (CVE-2012-5830,CVE-2012-5833, CVE-2012-5835, CVE-2012-5838)

Update instructions

The problem can be corrected by updating your system to the following
package version: